Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1001ff7a authored by Brian Norris's avatar Brian Norris
Browse files

mtd: tests: fix integer overflow issues 



These multiplications are done with 32-bit arithmetic, then converted to
64-bit. We should widen the integers first to prevent overflow. This
could be a problem for large (>4GB) MTD's.

Detected by Coverity.

Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
Cc: Akinobu Mita <akinobu.mita@gmail.com>
parent 8c3f3f1d

drivers/mtd/tests/mtd_test.c

+2 −2
Original line number Diff line number Diff line
@@ -10,7 +10,7 @@ int mtdtest_erase_eraseblock(struct mtd_info *mtd, unsigned int ebnum) 
{

	int err;

	struct erase_info ei;

	loff_t addr = ebnum * mtd->erasesize;

	loff_t addr = (loff_t)ebnum * mtd->erasesize;



	memset(&ei, 0, sizeof(struct erase_info));

	ei.mtd  = mtd;
@@ -33,7 +33,7 @@ int mtdtest_erase_eraseblock(struct mtd_info *mtd, unsigned int ebnum) 
static int is_block_bad(struct mtd_info *mtd, unsigned int ebnum)

{

	int ret;

	loff_t addr = ebnum * mtd->erasesize;

	loff_t addr = (loff_t)ebnum * mtd->erasesize;



	ret = mtd_block_isbad(mtd, addr);

	if (ret)

drivers/mtd/tests/nandbiterrs.c

+1 −1
Original line number Diff line number Diff line
@@ -364,7 +364,7 @@ static int __init mtd_nandbiterrs_init(void) 


	pr_info("Device uses %d subpages of %d bytes\n", subcount, subsize);



	offset     = page_offset * mtd->writesize;

	offset     = (loff_t)page_offset * mtd->writesize;

	eraseblock = mtd_div_by_eb(offset, mtd);



	pr_info("Using page=%u, offset=%llu, eraseblock=%u\n",

drivers/mtd/tests/oobtest.c

+4 −4
Original line number Diff line number Diff line
@@ -120,7 +120,7 @@ static int verify_eraseblock(int ebnum) 
	int i;

	struct mtd_oob_ops ops;

	int err = 0;

	loff_t addr = ebnum * mtd->erasesize;

	loff_t addr = (loff_t)ebnum * mtd->erasesize;



	prandom_bytes_state(&rnd_state, writebuf, use_len_max * pgcnt);

	for (i = 0; i < pgcnt; ++i, addr += mtd->writesize) {
@@ -214,7 +214,7 @@ static int verify_eraseblock_in_one_go(int ebnum) 
{

	struct mtd_oob_ops ops;

	int err = 0;

	loff_t addr = ebnum * mtd->erasesize;

	loff_t addr = (loff_t)ebnum * mtd->erasesize;

	size_t len = mtd->ecclayout->oobavail * pgcnt;



	prandom_bytes_state(&rnd_state, writebuf, len);
@@ -568,7 +568,7 @@ static int __init mtd_oobtest_init(void) 
		size_t sz = mtd->ecclayout->oobavail;

		if (bbt[i] || bbt[i + 1])

			continue;

		addr = (i + 1) * mtd->erasesize - mtd->writesize;

		addr = (loff_t)(i + 1) * mtd->erasesize - mtd->writesize;

		prandom_bytes_state(&rnd_state, writebuf, sz * cnt);

		for (pg = 0; pg < cnt; ++pg) {

			ops.mode      = MTD_OPS_AUTO_OOB;
@@ -598,7 +598,7 @@ static int __init mtd_oobtest_init(void) 
			continue;

		prandom_bytes_state(&rnd_state, writebuf,

					mtd->ecclayout->oobavail * 2);

		addr = (i + 1) * mtd->erasesize - mtd->writesize;

		addr = (loff_t)(i + 1) * mtd->erasesize - mtd->writesize;

		ops.mode      = MTD_OPS_AUTO_OOB;

		ops.len       = 0;

		ops.retlen    = 0;

drivers/mtd/tests/pagetest.c

+2 −2
Original line number Diff line number Diff line
@@ -52,7 +52,7 @@ static struct rnd_state rnd_state; 


static int write_eraseblock(int ebnum)

{

	loff_t addr = ebnum * mtd->erasesize;

	loff_t addr = (loff_t)ebnum * mtd->erasesize;



	prandom_bytes_state(&rnd_state, writebuf, mtd->erasesize);

	cond_resched();
@@ -64,7 +64,7 @@ static int verify_eraseblock(int ebnum) 
	uint32_t j;

	int err = 0, i;

	loff_t addr0, addrn;

	loff_t addr = ebnum * mtd->erasesize;

	loff_t addr = (loff_t)ebnum * mtd->erasesize;



	addr0 = 0;

	for (i = 0; i < ebcnt && bbt[i]; ++i)

drivers/mtd/tests/readtest.c

+1 −1
Original line number Diff line number Diff line
@@ -47,7 +47,7 @@ static int pgcnt; 
static int read_eraseblock_by_page(int ebnum)

{

	int i, ret, err = 0;

	loff_t addr = ebnum * mtd->erasesize;

	loff_t addr = (loff_t)ebnum * mtd->erasesize;

	void *buf = iobuf;

	void *oobbuf = iobuf1;